Sorry I have been away for a while; life has been crazy. I have a new addition to the family! My son was born on Christmas Day 2018, and what an adventure it has been so far. I plan to be back to my regular blogger/
Sophos has released a new version of their UTM 9 appliance: version 9.600 now includes Let's Encrypt support. If you don't know, Let's Encrypt is a project led by some of the biggest names in tech. With this project you can get a free SSL certificate for your site; the catch is that the certificates expire every 90 days, so you need a script that auto-renews them for you, which is included in the UTM.
Generating the certificate is very simple using WebAdmin; follow the screenshots below.
Once you finish these steps the UTM will reach out to the Let's Encrypt server to get the certificate generated! Once the certificate is generated you will be able to apply it to the Web Server Protection module while hosting your web servers behind the UTM. This allows the UTM to host the SSL certificate instead of having a certificate on each server, which can be a nightmare to administer. The UTM will take care of renewing the certificate for you with Let's Encrypt, so no need to worry about that.
For more information on Let's Encrypt, find them at https://letsencrypt.org
Please let me know if you need any help or have any
2 thoughts on “Sophos adds Lets Encrypt support to UTM9”
Thanks for the tutorial. We use SSO authentication for web filtering and that is blocking us from implementing this certificate.
After hitting apply I get the message:
“TCP port ’80’ is already in use by the AD SSO interfaces.”
Do you have any thoughts on how to resolve this?
Interesting scenario. Are you hosting the site behind your UTM with Web Server Protection?
If so, Let's Encrypt should be directed to the site you are hosting, so be sure that your virtual server setup is correct.
Let's Encrypt would do a query for yourdomain.com, which should have a DNS A record going towards your UTM public IP; then the virtual server would point the traffic to the proper server via the HTTP headers, which should then get to the proper site.
If you'd like more help feel free to email me and I'd love to help!
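As an added example (not from the post or from Sophos), a small Python check covering the two points discussed above: the post's 90-day renewal cycle and the reply's prerequisite that the domain's A record point at the UTM public IP. The certificate dict, hostname and 203.0.113.10 address are constructed placeholders, and the 30-day renewal window is an assumption.

```python
"""Checks for a Let's Encrypt cert fronted by a UTM: does the DNS A record
really point at the UTM, and is the 90-day certificate due for renewal?"""
import socket
import ssl
import time

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns
# for a live connection; names and dates are illustrative only.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Let's Encrypt"),),),
    "notBefore": "Jan  1 00:00:00 2019 GMT",
    "notAfter": "Apr  1 00:00:00 2019 GMT",   # exactly 90 days later
}
UTM_PUBLIC_IP = "203.0.113.10"   # placeholder for the UTM's public address

def dns_points_at_utm(hostname, utm_public_ip, resolver=socket.gethostbyname_ex):
    """True only if every A record for hostname is the UTM's public IP.
    The ACME HTTP challenge follows the A record, so any other address (or
    no record) means issuance fails. resolver is injectable for offline use."""
    try:
        _, _, addresses = resolver(hostname)
    except OSError:            # socket.gaierror is an OSError subclass
        return False
    return bool(addresses) and all(a == utm_public_ip for a in addresses)

def issued_by_lets_encrypt(cert):
    """True when the issuer organizationName is Let's Encrypt."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return fields.get("organizationName") == "Let's Encrypt"

def days_until_expiry(cert, now_epoch=None):
    """Days left before notAfter, measured from now_epoch (Unix seconds)."""
    now_epoch = time.time() if now_epoch is None else now_epoch
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now_epoch) / 86400

def renewal_status(cert, now_epoch=None, renew_at_days=30):
    """Classify the cert as 'ok', 'renew-due' or 'expired'. The 30-day window
    is an assumed default; if the UTM's auto-renewal is working, a cert should
    never sit in 'renew-due' for long, so alert on it."""
    left = days_until_expiry(cert, now_epoch)
    if left <= 0:
        return "expired"
    return "renew-due" if left <= renew_at_days else "ok"

if __name__ == "__main__":
    fake_dns = lambda host: (host, [], [UTM_PUBLIC_IP])   # offline stand-in
    print(dns_points_at_utm("www.example.com", UTM_PUBLIC_IP, resolver=fake_dns))
    print(renewal_status(SAMPLE_CERT, now_epoch=1552176000))  # 2019-03-10
```

Against a live host, pass the dict from `ssl.SSLSocket.getpeercert()` in place of `SAMPLE_CERT` and drop the `resolver` argument so the real DNS lookup runs.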